<?php
/**
 * IDS_Estate_Wrapper  
 * 
 * This class inhabites all (future) functions to 
 * prevent XSS on php-ids.org
 * 
 * @author mario
 */
class IDS_Estate_Wrapper{

    /**
     *  exclude array (only for filtering)
     */
    private $exclude = array('content', 
                             'comment', 
                             'Body');

    /**
     * __construct
     * 
     * Starts filtering
     * 
     * @author mario
     */
    public function __construct(){
        
        # set default timezone        
        date_default_timezone_set('Europe/Berlin');           
        
        $this->useIDS();
        $this->filter();   
    }
    
    /**
     * useIDS
     * 
     */
    protected function useIDS (){
        
        set_include_path('/home/phpids/common/');
    
        require_once 'IDS/Monitor.php';
        require_once 'IDS/Filter/Storage.php';

        $storage = new IDS_Filter_Storage();
        $storage->getFilterFromXML('/home/phpids/common/IDS/default_filter.xml');
        

		/**
		 * 	3rd: instanciate the ids and start the detection
		 * 
		 * 	here we are using $_GET but you can pass any 
		 * 	array you want like $_REQUEST, $_SESSION etc.
		 */
        $request = array_merge($_GET, $_POST);

        # add $_SERVER REQUEST_URI
        $request['IDS_REQUEST_URI'] = $_SERVER['REQUEST_URI'];               		
        $request['IDS_USER_AGENT'] = $_SERVER['HTTP_USER_AGENT']; 
        $request['IDS_SERVER_ADDR'] = $_SERVER['SERVER_ADDR'];

        $request = new IDS_Monitor($request, $storage);
		
        # set exceptions
        $request->setExceptions($this->exclude);        
        
        $report = $request->run();
        

        if (!$report->isEmpty()) {
            if($report->getImpact() >= 10) {

                /*
                * now store the data using IDS_Log_Composite and
                * Log_File
                */
                require_once 'IDS/Log/File.php';
                require_once 'IDS/Log/Composite.php';
               
                
                $compositeLog = new IDS_Log_Composite();
                $compositeLog->addLogger(
                   IDS_Log_File::getInstance('/home/phpids/common/log.txt') 
                );

                # send out mail - still having problems with the mail logger
                $body = "found injection:\n";
                foreach ($report as $event) {
                    $body .= $event->getName(). " - " . substr(htmlentities(stripslashes($event->getValue())),0,120)."\n\n";
                    foreach($event as $filter){
                        if(strlen($filter->getRule()) > 80){
                            $dots = '...';
                        } else {
                            $dots = null;
                        }
                        $body .= "rule: ".substr(htmlentities($filter->getRule()),0,80).$dots."\n";
                        $body .= "rule-description: ".htmlentities($filter->getDescription())."\n";
                        $body .= "impact: ".$filter->getImpact()."\n\n";
                    }
                }
                $body .= "Overall impact:".$report->getImpact()."\n\n";
                mail('mario.heiderich@gmail.com', 'PHPIDS Intrusion ' . date('d.m.Y h:i:s'), $body);
                
                if (!$report->isEmpty()) {
                    $compositeLog->execute($report);
                }

            }

            //@todo: add session support
            if($report->getImpact() >= 50) {
                header('location: http://php-ids.org/detected');
                exit;       
            }
        }
        
        return true;
    }

    /**
     * Does the filtering process
     *
     * Looks poor but effectively disables attribute breaking
     *
     * @access   public
     * @return   bool
     * @author mario
     */
    protected function filter() {
        
        foreach($_REQUEST as $key => $value){
            if(!in_array($key, $this->exclude)){
                $_REQUEST[$key] = preg_replace('/["]+/iDs', '”', $value);
            }
        }
        foreach($_POST as $key => $value){
            if(!in_array($key, $this->exclude)){
                $_POST[$key] = preg_replace('/["]+/iDs', '”', $value);
            }
        }
        foreach($_GET as $key => $value){
            if(!in_array($key, $this->exclude)){
                $_GET[$key] = preg_replace('/["]+/iDs', '”', $value);
            }
        }
        foreach($_COOKIE as $key => $value){
            if(!in_array($key, $this->exclude)){
                $_COOKIE[$key] = preg_replace('/["]+/iDs', '”', $value);
            }
        }        
    }
}

#start the sanitization and detection
$security = new IDS_Estate_Wrapper();

/*
 * Local variables:
 * tab-width: 4
 * c-basic-offset: 4
 * End:
 */
